Category: Safety and Security

Hackers are always finding new ways to attack that we need to protect against. I call this new attack the ‘WordPress setup Hack’ and it exploits the time it takes to install WordPress. This new attack uses the easy setup wizard against us by connecting your WordPress setup to the hacker controlled database. It then … Continue reading “Install promptly to protect from the WordPress setup hack”

There is a story spreading on the internet of a brute force attack hitting WordPress sites and trying to break into your site. A brute force password attack happens when a program tries to guess your password by simply trying lots of different possibilities – and making educated guesses. This is even more important at … Continue reading “The brute force attack scare”

A security and maintenance update for WordPress was released last night and addresses a number of bugs and a small set of security patches. One of the security patches fixes a problem that has been in all previous versions of WordPress so it is particularly important you apply this as soon as possible. If you … Continue reading “WordPress release 3.5.1 is out”

During your regular website maintenance you might come across the ‘WordPress Internal Path Error’. Don’t panic, it’s not a critical issue – but don’t ignore it either. In my series on doing your own regular maintenance and health checks I mention that it is a good idea to use a service like Sucuri.net to get … Continue reading “Solving the WordPress internal path error”

Google Webmaster Tools now provide a helpful summary of the website health for all of the websites on your Webmaster Tools account. This is very helpful as it saves you having to drill down into every website individually – which can take a while if you are managing a number of sites and can even … Continue reading “New summary of website health provided by Google”

Distributed Denial of Service (DDoS) happens when a hacker sends lots of fake traffic to your web site, or in my case a site on the same shared server that I am using. This means that the server is so busy trying to deal with the fake traffic that it can not service the real … Continue reading “What is DDoS and what can I do about it?”

Here is a date for the diary if you are using WordPress for your site – November 15th, 2011. The schedule for the next major release of WordPress has been announced. There will still be a series of minor releases for 3.2 We will know the list of new features by the end of August … Continue reading “WordPress 3.3 will be released in November”

It’s human nature, we are all human and we all have a similar way of thinking and acting. A downside of this on the security front is that we tend to pick the same passwords as everyone else. At worst – when in a rush 1234 or abc123 is the easiest thing to type on … Continue reading “Don’t use one of the most common passwords”

You may want to give other people access to your Google Analytics data for a number of reasons. To share with a consultant, to let others in your company run reports, to have a Geek like me set up reports for you etc. If you give them your password to access your Google account then … Continue reading “How to give access to Google Analytics data”

Spam, and people trying to do the wrong thing are everywhere! I was at a client’s this week when she received an incoming Skype call from “Urgent Update”. It was a recorded message starting to tell her that there was a security problem… We hung up! They call it ‘vishing’ (or voice phishing). Skype will … Continue reading “Now we get spam on Skype too”